The problem has been fixed. Please grab version 0.9.6g. This ticket is now resolved.
[[EMAIL PROTECTED] - Sat Aug 10 00:44:57 2002]: > > We have a question on the patched code: > > http://www.openssl.org/news/patch_20020730_0_9_6d.txt > > RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v > retrieving revision 1.19.2.1 > diff -u -r1.19.2.1 asn1_lib.c > --- crypto/asn1/asn1_lib.c 2001/03/30 13:42:32 1.19.2.1 > +++ crypto/asn1/asn1_lib.c 2002/07/30 09:14:17 > @@ -124,15 +124,13 @@ > (int)(omax+ *pp)); > > #endif > -#if 0 > - if ((p+ *plength) > (omax+ *pp)) > + if (*plength > (omax - (*pp - p))) > { > ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); > /* Set this so that even if things are not long enough > * the values are set correctly */ > ret|=0x80; > } > -#endif > *pp=p; > return(ret|inf); > err: > @@ -159,6 +157,8 @@ > > On the line: > if (*plength > (omax - (*pp - p))) > The value length is check for possibly longer than the total remaining > input. Since p is advancing, should we use the following instead : > if (*plength > (omax - (p - (*pp)))) > > Please advise. > Thanks, > > Jia Ma > > > -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
